A new ransomware campaign, called Magniber, is targeting Windows users that download pirated content. This campaign reportedly began late last month.
Since April 27, an increasing number of victims have shared their stories on the BleepingComputer forum in search of a solution. According to reports from the publication, the ransomware disguises itself as Windows 10 updates and gets distributed through fraudulent warez and crack sites.
The ransomware then deletes shadow volume copies and encrypts files after being run, attaching a random 8-character extension.
Afterward, victims are sent a ransomware note which instructs them to install the Tor browser and access a custom url address for their specific individual case.
The Magniber payment site instructs victims on how to negotiate and pay for their ransom payment in Bitcoin. Victims are also allowed to decrypt one file for free, in order to demonstrate the validity of Magniber’s claims.
“The only 1 way to decrypt your files is to receive the private key and decryption program,” the ransom note reads. “Any attempts to restore your files with the third party software will be fatal for your files!”
Reportedly, most ransom demands have been for approximately 0.068 bitcoin (or $2,500).
Since Magniber is considered secure, there are no weaknesses on its website that can be exploited in order to recover users’ files free of charge.